Hi there. I just finished coding a new feature which I think you may like.

You can now use the following notation to format only certain parts of your control's text:

for italic, use _this notation_

for a link, use [this notation]

for bold, use *this notation*

Here's a screenshot of what the above text looks like in a Paragraph control, for instance:

The shortcuts will work almost everywhere, where it makes sense.

You can escape *, _, [ and ] characters with \*, \_, \[ and \], so if you want to write "this [is] some text" and don't want the "is" to become a link, just type "this \[is\] some text".

This is a big change so before I push it live I'd love it if some of you could help me test it by installing the pre-release build and playing with it for a few days (as always, no guarantees). If everything goes well, I'll put the change in this Sunday's weekly 1.5 release, update the help page and all that good stuff.

For feedback, post it here or on GetSatisfaction (there are anumberofthreads about this feature already).

My question is, as I am trying to get an application of mine built in AIR, and it is commercial software, with features disabled that I want enabled after entering a license key.... since AIR sends out your whole SWF file that can easily be decompiled, what do you recommend doing to protect your IP since it's basically being given away free with every download? It could also be easily cracked I assume.

What he is referring to is the fact that Adobe AIR application files are really in essence simple Flash movies (SWF files), zipped up. SWFs are, and have always been, fairly easy to decompile, which means that you can run the SWF through a piece of software which will spit out the original source code for the application (what he refers to as "your IP" in the question).

He suggested I answer in a blog post, so here it is.

My short answer is this: I don't do anything to protect against decompiling, and I'm not worried about it.

The following is my current thinking on software piracy and what to do about it. These are just my current views, I don't claim them as great ideas of my own. It's just what I have learned so far, from different people, books, blog postings, etc.

Also, I realize that the rise of SaaS might make this less relevant in the future, but who knows...I think the future is hybrid, we'll see.

The software buyer/hacker spectrum

I don't like generalizing, but here it goes. I believe there are 3 main categories of software users when it comes to purchasing software versus stealing it: "those who'll buy", "those who might buy" and "those who will never buy".

I the pie chart below I refined it a bit to 5 categories, and since I don't know how big they really are, I intentionally made all the pieces the same size, except for the yellow one, which I believe is the biggest one:

Let me describe each piece before discussing how I approach each one.

At one end of the spectrum are those who will never spend money on your software. This category includes actual criminals who will steal your SW to repackage it and sell it, high school kids who like to show off their hacking skillz, and also very legitimate and respectable entities like the Free Software Foundation others who simply believe software should be gratis (the strikethrough is due to a mistake of mine in confusing free as in speech vs free as in beer. My bad, I respect the FSF!).

Then there's a piece of the world population who simply cannot afford to spend money on your software, or at least not a lot. These people probably don't feel great about using cracked versions of your software, but they do it because they need it and cannot afford what you are charging for it. In other words, they have bigger problems to deal with.

I think the majority of people in the world fit in the yellow (gray?) area in the middle. They'll use pirated software if it's easy to get, but will pay for it otherwise. The more expensive the software, the more these people will shift towards the red pieces.

Then there's a piece that only pays for software because they fear getting caught stealing it. I think this pie includes a big chunk of businesses too.

The last piece is the nice guys, the honest people who pay for what they use, pay all of their taxes, etc.

I try to please each segment of the population with a different approach:

for the criminals: you can't beat them on technical grounds, just forget it. If people want to crack software, they will (code obfuscation, call-home schemes or not. These guys write decompilers before breakfast). The way to deal with this is to have a nice End User License Agreement on your site as well as a Terms of Use document. Make sure that each download link says "I agree" on it, and basically give people the impression that you have done your homework, have a lawyer and are not some rookie waiting to be taken advantage of. Oh, and do keep a good lawyer handy to help you if the time comes. If you find out that someone is selling your same product under a different brand, I believe that a strongly worded letter from your lawyer might go a long way...then again, who knows. But as I will explain later, this doesn't matter that much.

for the hackers: again, don't try to beat them with crazy encryption schemes, because they are better than you: what you consider a nuisance to code is their passion. My approach is this: try not to make enemies and don't give them a challenge. If you are perceived as "a nice company", the likelihood you will be targeted by hackers is lower (I wonder how many Windows viruses were created because of MS's arrogance and offensive remarks about linux over the years). This is, in small part, why I give so many licenses away to non-profits and do-gooders of all kinds. Also, if the software is cheap to start with, has a free version available, and the license key looks fairly simple to hack, why bother hacking it? I believe these are all factors that contribute to why only 16 people have Googled "balsamiq mockups serial" so far (in over 8,800 search-generated-visits).

for the "I believe software should not be paid for" crowd...just give them the software for free! I am a fan of OSS, and though it doesn't make sense for me financially to go that route, I like to contribute by offering free versions of all my software to open source projects. Plus it's not like they would pay for it anyways...

for those who can't afford it: offer a fully functional but "somewhat uncomfortable" version of your software for free. This way they'll be able to use the software (some) and not even bother looking for a cracked version of it somewhere. This is what I do with the Mockups demo on this site. It nags you every 5 minutes, but you can dismiss the nag and keep working. You cannot save mockups to file from the software, but you can export the XML and save it in a text file, only to re-import it later. In short, it's a bit of a pain, but you can use it. It's a fine line: you want to give enough away to be useful, but you want to make it annoying enough that people will rather buy the full version, for convenience or for added features. Oh, and give the full version away to those in this category who ask you directly, in exchange for a promise to spread the word about it. Again, it's not like you'd get their money if you had stricter protection...

then we have the yellow guys. These are who your licensing code should be designed for. You want to shift as many of these as possible towards the green side, not the red side. Here's what I do: I have a license key that's fairly simple to read or type (it will be something more or less like this made up one: eOLi0odswsqklKz/C36lOzM0srD9E0MjIxNjM3MgCBGQw3). The key alone doesn't unlock the software, it needs your full name as well (it's encoded in the key and the two have to match). The size and format of the key are important because making it too long or hard to deal with (like having them download a license file from your servers than placing it on a specific directory, or having the software "call home" on launch) would reduce the usability of your software and give this kind of user the impression that you really don't think they should be trusted. The fact that the key has a name in it is a big psychological deterrent to sharing it. If I found a key on a cracked site, I'd be able to immediately trace it back to the owner. I believe this, coupled with the accessible price of my software, is enough to sway most of the "yellow area" people in the buying direction.

The "embed the name in the key" trick works well for those who buy the software because they fear getting caught with a cracked copy as well. Another thing to do here could be to embed the key (and thus their name) in every file that your software generates. I don't do this, but I know some do.

for those of you who pay for my software based on your moral values, I thank thee, and wish you happiness and prosperity. The world needs more of your kind.

At the end he asked me: "Ok, I think I get it. But what is "your secret"? What's the thing that, if someone stole or copied from you, would mean catastrophy for your company?"

I thought about it for a second, and I realized that there isn't a single thing.

Mockups is a simple product, a good coder could create a clone of it in a couple of months starting from scratch. Someone could post a crack for my licensing algorithm on a BitTorrent site today.

I don't think either would spell catastrophy for Balsamiq.

People buy products from companies they trust and respect, and who treat them well in return. People buy software if they know that the people behind it care for your success while using it. They want to see the software improved continuously and with a passion. They care about a sensibility for usability and attention to details.

These aren't things one can steal.

I believe Balsamiq is successful so far because of all that I do every day: the site, the blog, the promotions, helping customers, listening to their ideas...and of course improving the product with new features and bug fixes. It's one big puzzle, every piece contributes to the whole (what Geoffrey Moore calls "The Whole Product Model").

Some resources

I am a huge fan and avid reader of the Business of Software forums, a community of small software vendors. Here are some links on this topic taken from there. As you can see, none of my ideas is original or revolutionary, though there is some debate about these topics...

Something funny

While I was writing this post I thought about checking if Mockups had in fact been cracked without my knowledge and was available for download somewhere.

So I did some research, and while "The search of balsamiq was not successfully" [sic] on Astalavista :), I did find something on TorrentTractor. Check it out, one of the files is 833Megabytes! Now, the original Mockups for Desktop file is less than 3Mb right now...I pity the fool who downloads almost a Gig of crap, likely full of viruses, trojans and who knows what...I couldn't have done a better job at polluting the hacker sites myself! :)

In conclusion

I want to leave you with a quote from Pete Santangeli, which I think sums it all up nicely: "the best way to slow down your competitors is to give them your source code".

Brilliant! :)

Peldi

[UPDATE: someone just anonymously posted my licensing key generation code in a comment to this post, which I deleted. Anonymous hacker: congrats, you are better than me! :) I'm sorry you didn't post your name or I would have sent you a picture of a medal or something. I have deleted your comment because, like I say in the post above, I am trying to convince people in the "yellow group" to move towards the green area...not make it too easy for them to go towards the red (Balsamiq is how I am trying to make a living after all). I hope you'll understand. I'm going back to work now...]

Hi there, sorry for not blogging for a while (a whole 10 days!), but I've been pretty busy with both Balsamiq work and life in general: after 3 months "on vacation" traveling around Italy, real life is starting here in Bologna: we are buying furniture, unpacking boxes, dealing with immigration for my American wife (so fun!)...plus our little one started school last week, talk about milestones! :)

Anyways, a quick update to list the improvements and bug fixes I made since the last "update" post of August 31st:

Business Update: has it really been 3 months already?

Things are still going really well for Balsamiq. Today is exactly the 3-months mark since launch, and Mockups keeps getting rave reviews and tweets. Sales are growing nicely, and the combined income from the 3 different products makes for some exciting variations week by week. I'd love to share more but I promised I'd save it until revenue reaches $100K, and I'm only half-way there. Oops, did I say too much? ;)

What's next

Two other BIG things are going on:

I am very close to announce the port of Mockups to another wiki platform. Stay tuned for more, I'm excited about it!

I have started implementing the "image upload" feature, a.k.a. the #1 most requested feature. Wish me luck! :)

Hey there, the title pretty much says it all, but here's a picture too: :)

I also fixed a bug with Mockups not showing up on startup when you used it on a secondary monitor and don't have it plugged in when you launch it again - an edge case, but pretty bad if it happens to you. :)

After getting a nod from my superstar customers, I have changed the default file extension used by Balsamiq Mockups for Desktop from XML to BMML. It stands for Balsamiq Mockups Markup Language, and it's still the same human-readable XML format you are used to (the file format didn't change, only its name).

What's in it for you? See for yourself (58 seconds, no-audio):

Now you can double-click on one or more mockup files and they'll open...you guessed it, in Balsamiq Mockups for Desktop! No more cursing at Internet Explorer or Dreamweaver...no offense! ;)

Plus now you get a nice little smiley-face icon for your mockup files, which should make them easier to spot if you have a very messy desktop like I do.

While I was at it, I also added a handly drag-files-to-Mockups-to-open-them feature, which you can see demonstrated in the video as well.

It's important to note that you'll still be able to load and save files with the XML extension if you'd like. In other words this change is backwards compatible.

I will be rolling out this BMML change to Mockups for Confluence and for JIRA as well in the next few days, which should help you disambiguate mockup attachments from the rest.

You only need to register your copy once per machine, then you can export PNGs from your Mockups' XML files whenever you need to.

The export process is near-instantaneous, and you should only see a quick "flashing" of the app.

Will you use this feature? What for? Email me and we'll write a nice case-study blog post about it!

Many thanks for Steve Moyer for the idea, the support and the feedback during the implementation. He is building a plugin for the Maven build system which will allow the automatic generation of Mockup PNGs during the "site" phase. These PNGs can be referenced from other project documentation, or the Mockups can be viewed from an automatically generated gallery of thumbnails. Stay tuned for updates!

The new feature is already live in today's Mockups for Desktop build. Go get it!

On a personal note, I loved building this feature because it took me back to my mostly-linux days of college...I love the Unix phylosophy of "many small, specific, well-written and flexible tools working together to achieve great things"...turning Mockups into a tool that fits in that ecosystem makes my inner geek very happy. :)

The build is approaching beta-quality: if you'd like to help me test it, email me and I'll send you a link with instructions.

On the licensing front, Mockups for JIRA is going to cost $799 per JIRA installation, regardless of what version of JIRA you are running. I think it's a fair price, and I already validated it with some prospective customers. I'd still like to hear more opinions on ir, so please email me or add a comment if you'd like.

Also, if you have comments on the way I integrated Mockups on JIRA, let me know! I am not a JIRA guru so I might have missed out on some useful integration feature opportunities.

I was shooting to have a 'for sale' version at the end of October, but since I am early I might move that up to the end of September.

Resize multiple icons at the same time: an iron_Lung idea, demo below (18 seconds, no audio):

Performance improvements; with the help of gregorE, Adam, Kristi, and iron_Lung, we narrowed down the performance problems some of you were having to being mostly caused by memory leaks, of which I found and fixed about 50.

z-Ordering keyboard shortcuts: another iron_Lung request, you can now send to back and bring forward your controls with the familiar CTRL+SHIFT+[ (send to back), CTRL+[ (send backwards), CTRL+] (bring forward) and CTRL+SHIFT+] (bring to front) keyboard shortcuts. As with all keyboard shortcuts, these work best in the Desktop version.

This build also fixes some funky resizing issues with Tag Cloud, Data Grid, the Tree and the Menu Bar: now if you make the control "too small to fit the text", you won't see text "hanging outside the edges" any more, the text that doesn't fit will simply become invisible. This fix came after painfully watching Patrick Sullivan Jr. of EditWeapon try Balsamiq for the first time and hitting the bug.

Notice something in common with all the updates above? Yes, they all came from suggestions from current and prospective customers. This means that if there's something you don't like or would like to see improved in Mockups, speak up! It will very likely get added quickly and if it's a problem, I'll drop everything I'm doing in order to fix it ASAP.

I have a few more Mockups-related announcements up my sleeve for the next few days, stay tuned. :)